Fraud Classification
TL;DR
- Who did it? First-party (your customer) vs Third-party (stolen card) vs Fake identity
- Your response differs: 3DS for third-party, evidence collection for friendly fraud, device blocking for rings
- Chargeback impact: Third-party = hard to win (use 3DS), Friendly fraud = winnable with evidence
- Quick classification helps you pick the right defense
A quick reference for identifying what type of fraud you're dealing with.
Quick Classification
| What You See | Likely Type | Your Response |
|---|---|---|
| Customer disputes legitimate purchase | Friendly Fraud | Collect evidence, fight with CE 3.0 |
| Stolen card used at checkout | Third-Party Fraud | Enable 3DS for liability shift |
| Same device, many accounts | Fraud Ring | Device fingerprinting, block infrastructure |
| Burst of small transactions | Card Testing | Velocity rules, CAPTCHA |
| Good customer acting strange | Account Takeover | MFA, behavioral analytics |
| Excessive returns/refunds | Refund Fraud | Policy enforcement, tracking |
| Promo/coupon abuse | Promo Abuse | Device linking, limits |
| Fake account signups | Account Fraud | Email/phone verification |
| Mismatched identity info | Fake Identity | Identity verification |
By Actor
First-Party Fraud (Your Customer)
The customer is real and uses their own identity, but abuses your policies.
| Subtype | Description | Defense |
|---|---|---|
| Friendly Fraud | Disputes legitimate purchase | Evidence collection, CE 3.0 |
| Refund Fraud | Exploits return policies | Policy enforcement |
| Promo Abuse | Games promotions/discounts | Device linking, limits |
Chargeback outcome: Winnable with proper evidence
Third-Party Fraud (External Fraudster)
Someone uses stolen payment credentials at your store.
| Subtype | Description | Defense |
|---|---|---|
| Stolen Card | Uses compromised card | 3D Secure, AVS/CVV |
| Card Testing | Validates stolen cards | Velocity rules, CAPTCHA |
| Account Takeover | Hijacks customer account | MFA, behavioral analytics |
Chargeback outcome: Hard to win unless you have 3DS liability shift
Fake Identity Fraud
Fraudster creates fabricated or mixed identity information.
| Subtype | Description | Defense |
|---|---|---|
| Fake Identity | Fabricated persona | Identity verification |
| Account Fraud | Fake account signups | Email/phone verification |
Chargeback outcome: Sometimes winnable with identity mismatch evidence
Organized Fraud
Coordinated attacks across multiple accounts.
| Subtype | Description | Defense |
|---|---|---|
| Fraud Rings | Multi-account attacks | Device fingerprinting, consortium data |
| Triangulation | Three-party resale scheme | Shipping address analysis |
Chargeback outcome: Document network evidence for representment
Classification Decision Tree
Response by Classification
| Fraud Type | Immediate Action | Prevention | Chargeback Strategy |
|---|---|---|---|
| Friendly Fraud | Collect delivery proof | Clear descriptors, communication | CE 3.0, device data |
| Third-Party | Cancel/refund if caught | Enable 3DS | Rely on liability shift |
| Card Testing | Block IP/device | Velocity limits, CAPTCHA | N/A (usually declined) |
| ATO | Lock account, notify customer | MFA, device recognition | Show account compromise |
| Refund Fraud | Flag account | Enforce policies | Document abuse pattern |
| Promo Abuse | Revoke benefits | Device linking | N/A (usually internal) |
| Fraud Ring | Block infrastructure | Device fingerprinting | Show organized pattern |
Related Topics
- Fraud Types Overview - Detailed guides for each type
- Third-Party Fraud - Stolen card fraud
- Friendly Fraud - Customer disputes
- 3D Secure - Liability shift for third-party fraud
- Device Fingerprinting - Linking fraud cases
- Compelling Evidence - Fighting chargebacks
- Evidence Framework - Tier 1/Tier 2 indicators